From owner-freebsd-arch Wed Nov 28 10:23:46 2001
Date: Wed, 28 Nov 2001 10:23:40 -0800 (PST)
From: Matthew Jacob
Reply-To: mjacob@feral.com
To: Poul-Henning Kamp
Cc: arch@FreeBSD.ORG
Subject: Re: Anybody working on devd?
In-Reply-To: <36655.1006969510@critter.freebsd.dk>

On Wed, 28 Nov 2001, Poul-Henning Kamp wrote:

> In message , Matthew Jacob writes:
> >> Generally speaking, it seems desirable the devices would appear in /dev
> >> with conservative permissions, and then userland policy might adjust those
> >> permissions to be more liberal based on files in /etc, and so on.
> >
> >I think that if this is the case, there's no point in device drivers knowing
> >about permissions at all, and shouldn't be even *allowed* to set them.
>
> Well, true in the theoretical sense, but it makes a lot of sense
> for picobsd like systems that they do.
>
> As long as the default policy is (ie: becomes) configurable (see
> my other email), it is not harmful that the drivers gives a first
> stab at mode/owner/group.

There's a race between some joblow driver setting completely loose
permissions and devd setting the policy based ones. This is a security hole.

This is what I meant by "either you trust the driver or you don't". The
consensus here is that "we don't".

Therefore, internally make_dev uses 0/0 600 as default- not settable by
driver. The default policy for picobsd would be 666 I assume.

-matt
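The window described in the message above can be observed from userland. This is an added example, not code from the thread or from FreeBSD's make_dev or devd: a regular file stands in for a device node, and the path, function names and policy modes are assumptions made for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open node, or -1 on error. */
static int node_mode(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Create the node with creator_mode, record the mode other processes can
 * see before the policy step runs (the window), then apply policy_mode.
 * Returns 0 on success, -1 on error. */
static int create_then_policy(const char *path, mode_t creator_mode,
                              mode_t policy_mode, int *window, int *final)
{
    mode_t old = umask(0);          /* apply creator_mode exactly */
    int fd;
    unlink(path);                   /* leftover from an earlier run */
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, creator_mode);
    umask(old);
    if (fd < 0)
        return -1;
    *window = node_mode(fd);        /* in effect until policy is applied */
    if (fchmod(fd, policy_mode) != 0) { close(fd); unlink(path); return -1; }
    *final = node_mode(fd);
    close(fd);
    unlink(path);
    return 0;
}

/* 1 if the window mode grants any bit the policy does not grant. */
static int window_exceeds_policy(int window, int policy)
{
    return (window & ~policy) != 0;
}

int main(void)
{
    const char *p = "/tmp/devd_demo_node";   /* constructed demo path */
    int w, f;
    /* creator picks 0666, policy wants 0640: looser than policy in the window */
    if (create_then_policy(p, 0666, 0640, &w, &f) == 0)
        printf("creator-chosen: %04o -> %04o exceeds=%d\n", w, f, window_exceeds_policy(w, 0640));
    /* fixed 0600 default, policy relaxes to 0666: never looser than policy */
    if (create_then_policy(p, 0600, 0666, &w, &f) == 0)
        printf("fixed default:  %04o -> %04o exceeds=%d\n", w, f, window_exceeds_policy(w, 0666));
    return 0;
}
```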